
Hi again, I found a simpler way to test the server connection, but it is still not working. Namely,
openssl s_client -connect 192.168.1.6:8000
CONNECTED(00000003)
18683:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
Regards,
Mads Lindstrøm

On Sun, 2010-12-12 at 20:14 +0100, Mads Lindstrøm wrote:
Hi Haskellers,
I am trying to connect a Java client to a Haskell server using the Haskell tls package, and things are not working out for me. There are a lot of steps involved and I do not know what I am doing wrong, so this is a long message. But first I create a private/public key-pair:
openssl genrsa -out privkey.pem 2048
then I make a self-signed certificate:
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:192.168.1.6
Email Address []:
then I convert the certificate to DER format and stuff it into a Java keystore:
openssl x509 -in cacert.pem -out cert.der -outform DER
keytool -keystore myKeystore.store -importcert -storepass foobar -keypass foobar -file cert.der
now I start the Haskell server:
ghc -hide-package monads-tf Server.hs -e main
and then the Java client:
javac Client.java
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=myKeystore.store -Djavax.net.ssl.trustStorePassword=foobar Client >JavaClientOutput.txt 2>&1
The server output is:
<interactive>: user error (unexpected type received. expecting handshake ++ Left (Error_Packet "invalid type"))
and not "Hello world" as expected.
The client output is very long, but the most interesting part is probably:
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
I have attached the Haskell server, the Java client and the full java output. Hope somebody can help figure out what I do wrong.
I am using the Haskell tls package version 0.3.1. And I run Debian Linux.
I also tried connecting a Java client to a Java server. First create server keystore:
openssl pkcs8 -topk8 -nocrypt -in privkey.pem -inform PEM -out privkey.der -outform DER
java -Dkeystore=myServerKeystore.store ImportKey privkey.der cert.der
ImportKey.java can be found here http://www.agentbob.info/agentbob/79-AB.html .
then start Java server:
javac JavaServer.java
java -Djavax.net.ssl.keyStore=myServerKeystore.store -Djavax.net.ssl.keyStorePassword=importkey JavaServer
and run the client again:
java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=myKeystore.store -Djavax.net.ssl.trustStorePassword=foobar Client
and the server outputs:
Hello world
as expected. Thus I think the certificates are fine, and the Java client is fine. But what am I doing wrong in the Haskell server?
I have attached JavaServer.java.
Regards,
Mads Lindstrøm
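
The server error above complains about the type of the first record it received. As an added example (not part of the original messages and not code from the tls package), this Python helper classifies the first five bytes a client sends as a TLS record header or an SSLv2-format CLIENT-HELLO header; the function name and the sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


def version_name(major: int, minor: int) -> str:
    return VERSIONS.get((major, minor), f"unknown({major}.{minor})")


def classify_first_bytes(data: bytes) -> dict:
    """Describe the header of the first record a client sent (hypothetical helper)."""
    if len(data) < 5:
        return {"format": "truncated", "detail": f"need 5 bytes, got {len(data)}"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    # TLS/SSLv3 record: type(1) | version(2) | length(2)
    if ctype in CONTENT_TYPES and major == 3:
        return {"format": "tls-record", "content_type": CONTENT_TYPES[ctype],
                "version": version_name(major, minor), "length": length}
    # SSLv2 record: high bit set + 15-bit length, then msg type (1 = CLIENT-HELLO),
    # then the highest protocol version the client offers
    if data[0] & 0x80 and data[2] == 1:
        return {"format": "sslv2-client-hello",
                "version": version_name(data[3], data[4]),
                "length": ((data[0] & 0x7F) << 8) | data[1]}
    return {"format": "unknown", "detail": data[:5].hex()}


# Constructed sample inputs, not captured from the setup in the message.
SAMPLES = {
    "tls_hello": bytes.fromhex("160301002f"),
    "sslv2_hello": bytes.fromhex("802e010301"),
    "plaintext": b"GET / HTTP/1.0",
    "short": b"\x16\x03",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_first_bytes(raw))
```

Run against the first bytes read from the accepted socket (or taken from a packet capture), it shows which header format the server was handed before the handshake failed.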